My key takeaways
- Burp over ZAP? It’s the pro features that make Burp so common
- Enable Jython to make Python available for extensions
- You have to install the Burp certs in each browser to make it work. Just type `burp` in the address bar
- FF has a built-in ability to have different browser profiles. Handy for testing e.g. admin users and normal users in parallel
- Everybody sometimes forgets to shut off Intruder :sweat_smile:
- Use a SOCKS proxy if testing from home: this enables IP whitelisting and avoids getting your home network blocked, e.g. by Google, for suspicious activity
Env
- Provided by blackhillsinfosec.com
- Presenter Brian King